Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Cofense Advances Email Security With Updated Tools

Cofense is updating its Triage phishing detection technology and is introducing the Vision product to help organizations identify, orchestrate and remediate email security across distributed enterprises.

WEBINAR:On-Demand

Cofense announced the launch of its new Vision email security product, alongside updated capabilities for its Triage platform, on July 30.

Cofense is positioning its combined email security offering as a Phishing-Specific Orchestration, Automation and Response (SOAR) platform. Cofense Vision provides visibility capabilities for discovering email threats that are present across an organization. Vision complements Cofense's Triage platform, which has been improved with new playbooks and workflows to help organizations stop phishing attacks that are in progress.

"Incident responders have been able to take the barrage of email and, with the help of Triage, cut out the noise and find the needle in the needle stack," Rohyt Belani, CEO and co-founder of Cofense, told eWEEK. "Now what we've got with this new product Vision is the ability not just to find the bad, but also respond to the bad."

Further reading

Cofense was originally called PhishMe until the company rebranded on Feb. 26. The company still sells its PhishMe phishing simulation and training product, along with the Triage and new Vision products, to help organizations combat email phishing security threats.

At launch, the Vision capability provides integration with Microsoft Office 365 for cloud-based email and Microsoft Exchange email for on-premises deployments. Belani said that with Vision, Cofense is also providing organizations with logging and auditing trails for phishing emails to help hunt for and identify phishing threats across a distributed organization. Vision's primary user interface is available within the Triage product as an additional paid capability. That said, Belani said that if a customer for whatever reason chooses not to buy Triage but still wants the Vision capability, they will have the option to buy it as a stand-alone offering.

How It Works

Vision provides a deep level of integration with both Exchange and Office 365 that goes beyond just basic API integration with the email services, Belani said. Cofense's technology is also able to collect audit and log trails, in addition to running a clustering algorithm to correlate phishing emails, he added.

"There's a bit of a secret sauce there with the natural language processing for phishing detection," Belani said.

Cofense also provides granular rules configuration options that enable organizations to set policies for how they want to identify and treat potential phishing emails that are detected. Belani said Cofense enables users to manually create search criteria so rather than just searching for an exact match of a given phishing email, an organization can search, for example, for any email that matches the first two words in the subject line.

Business Email Compromise

Among the most successful forms of email attacks today is Business Email Compromise (BEC), which the FBI estimates has resulted in a staggering $12.5 billion in victim losses over the last five years.

Belani said BEC is different than a typical phishing attack because it doesn't include links pointing to malicious websites or attachments with malware. With Cofense Triage, users within an organization can report suspicious emails, which can then be further examined with Vision. He added that the combination of technology and humans often is the best way to identify and stop BEC attacks.

Triage Playbooks

Alongside Vision, Cofense is updating Triage with new workflow and playbook capabilities to help orchestrate phishing investigation and response.

With Triage, organizations can now create playbooks, so that any future emails that are reported that match a given set of criteria are then passed on to another function for further investigation, Belani said. That investigation can come by way of Cofense's integration with other technology vendor products including Palo Alto's Wildfire sandbox. The playbooks can also be set up to automatically quarantine emails that meet certain criteria.

In addition to the playbooks, Belani said Cofense has also performed a significant overhaul on the underlying Triage engine to improve performance and responsiveness. He noted that the engine was originally written in the Ruby on Rails programming model and has now been redone in Java, running in containers. The updated engine is now also better at prioritizing phishing email reports, helping to improve organizational efficiency, he added. There is now also a more cohesive scoring mechanism for identifying phishing that benefits from Cofense's own analysis as well as additional third-party tool analysis that an organization might be using, such as Palo Alto Wildfire.

Looking forward, Belani said Cofense will be working on providing further automation capabilities to its PhishMe simulation product, which will also benefit from the playbook model.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.